Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XPRcOQ12damhWz672VXQCKzctD0.roa
File: XPRcOQ12damhWz672VXQCKzctD0.roa (raw, json)
Hash identifier: +UjnKkHiRNO5TAw4O2QYp9JmNxVCRQBE+d4ZaSLhA7Y=
Subject key identifier: 5C:F4:5C:39:0D:76:75:A9:A1:5B:3E:BB:D9:55:D0:08:AC:DC:B4:3D
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 01941F8CC79712B45832B9C4039AF7FD5B5A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XPRcOQ12damhWz672VXQCKzctD0.roa
Signing time: Wed 01 Jan 2025 01:48:27 +0000
ROA not before: Wed 01 Jan 2025 01:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212941
IP address blocks: 185.67.96.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:c7:97:12:b4:58:32:b9:c4:03:9a:f7:fd:5b:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Jan 1 01:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5cf45c390d7675a9a15b3ebbd955d008acdcb43d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b1:08:3f:26:5d:36:1b:ac:8a:4f:e5:42:c4:
af:e5:54:cf:45:ab:ac:b0:f0:92:a6:dc:e6:6c:d5:
49:65:40:11:94:6f:71:22:49:ae:01:a1:f5:15:35:
4e:d7:39:cd:82:75:13:7f:5e:a8:b4:e9:a2:2d:e6:
76:e7:5a:f2:68:28:a5:01:04:7c:d7:5d:f4:df:24:
d9:50:01:60:70:92:70:7c:a3:37:6c:74:7b:5b:d8:
e2:b2:0c:8e:80:eb:d2:13:39:99:a1:c2:c1:cc:b1:
b0:27:6c:c0:ce:12:24:0f:f7:d8:7c:b1:ae:26:7d:
42:9f:a0:c1:51:dd:ff:08:a1:7d:13:b6:22:ea:a7:
3c:3a:75:49:b4:79:82:ae:9d:75:ca:e4:e5:27:1b:
72:ac:24:f2:38:d0:e8:f3:60:fc:90:c6:2a:2f:e1:
22:82:d7:a4:e5:94:ec:c9:78:fe:20:d6:a3:ef:5f:
d1:47:a5:b5:aa:33:8e:7d:1b:ff:a2:4e:14:e6:6d:
55:8b:f4:a1:aa:11:9b:58:05:f8:69:56:01:02:86:
99:93:2b:7b:b5:f8:a6:81:d8:64:ac:df:41:84:ab:
20:51:9a:bc:b8:74:64:ed:65:29:10:57:76:43:30:
16:8a:47:47:b7:d7:28:02:ab:01:98:2d:bc:fb:78:
b3:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:F4:5C:39:0D:76:75:A9:A1:5B:3E:BB:D9:55:D0:08:AC:DC:B4:3D
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XPRcOQ12damhWz672VXQCKzctD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.67.96.0/22
Signature Algorithm: sha256WithRSAEncryption
2f:d3:1c:40:84:22:b7:0f:ec:85:13:bd:b5:00:08:c5:a8:5b:
b6:f1:0a:74:6a:ac:cf:22:f1:86:e8:11:48:c6:10:58:9e:98:
a0:27:73:01:3c:3c:3d:2d:ed:65:b8:d9:43:61:ed:10:6c:75:
22:9b:b4:f9:c7:ff:f1:cc:7a:06:ec:b6:fc:10:ba:db:15:78:
c2:db:be:3c:79:fe:80:c9:cb:01:89:ea:2d:cf:1c:e1:54:8a:
12:96:03:bc:9a:45:25:f9:3e:27:9f:2b:d8:8f:53:cd:d0:61:
5a:0d:bb:96:7e:b9:4b:85:c1:7c:e2:31:f7:23:11:af:03:40:
34:34:68:cc:fd:89:4d:fe:93:2d:58:11:73:5e:f2:27:a0:fc:
e7:0e:65:f9:ca:3f:00:07:c7:43:f1:4f:19:44:4d:44:e5:b5:
f7:34:d4:7e:ea:dd:db:54:b1:8f:28:38:7b:23:6c:67:31:17:
e2:d9:87:29:d9:9b:9e:77:a6:da:69:99:58:e8:34:20:36:92:
65:58:ac:3f:50:2a:b1:2f:00:33:08:4e:b6:27:11:a2:f5:22:
fd:02:1a:72:62:8f:e7:4a:2f:cd:11:0f:20:30:2d:9d:fd:00:
4e:80:0b:2c:d0:98:e3:43:64:5a:16:09:93:30:28:4d:fd:c3:
ea:b0:ab:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMeXErRYMrnEA5r3/VtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y0NWMzOTBkNzY3NWE5YTE1YjNlYmJkOTU1ZDAwOGFjZGNiNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LEIPyZdNhusik/lQsSv5VTPRaus
sPCSptzmbNVJZUARlG9xIkmuAaH1FTVO1znNgnUTf16otOmiLeZ251ryaCilAQR8
11303yTZUAFgcJJwfKM3bHR7W9jisgyOgOvSEzmZocLBzLGwJ2zAzhIkD/fYfLGu
Jn1Cn6DBUd3/CKF9E7Yi6qc8OnVJtHmCrp11yuTlJxtyrCTyONDo82D8kMYqL+Ei
gtek5ZTsyXj+INaj71/RR6W1qjOOfRv/ok4U5m1Vi/ShqhGbWAX4aVYBAoaZkyt7
tfimgdhkrN9BhKsgUZq8uHRk7WUpEFd2QzAWikdHt9coAqsBmC28+3iz/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz0XDkNdnWpoVs+u9lV0Ais3LQ9MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWFBSY09RMTJkYW1oV3o2NzJWWFFDS3pjdEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUNgMA0G
CSqGSIb3DQEBCwUAA4IBAQAv0xxAhCK3D+yFE721AAjFqFu28Qp0aqzPIvGG6BFI
xhBYnpigJ3MBPDw9Le1luNlDYe0QbHUim7T5x//xzHoG7Lb8ELrbFXjC2748ef6A
ycsBieotzxzhVIoSlgO8mkUl+T4nnyvYj1PN0GFaDbuWfrlLhcF84jH3IxGvA0A0
NGjM/YlN/pMtWBFzXvInoPznDmX5yj8AB8dD8U8ZRE1E5bX3NNR+6t3bVLGPKDh7
I2xnMRfi2Ycp2Zued6baaZlY6DQgNpJlWKw/UCqxLwAzCE62JxGi9SL9AhpyYo/n
Si/NEQ8gMC2d/QBOgAss0JjjQ2RaFgmTMChN/cPqsKsO
-----END CERTIFICATE-----
Generated at Wed Apr 16 06:40:19 2025 by rpki-client